CVE-2019-18177

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update	Vendor Advisory
https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*

History

14 Apr 2025, 18:15

Type	Values Removed	Values Added
CWE		CWE-200

21 Nov 2024, 04:32

Type	Values Removed	Values Added
Summary		(es) En ciertos productos Citrix, un usuario de VPN autenticado puede lograr la divulgación de información cuando hay un endpoint de VPN SSL configurado. Esto afecta a Citrix ADC y Citrix Gateway 13.0-58.30 y versiones posteriores antes de la actualización CTX276688.
References	~~() https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update - Vendor Advisory~~	() https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update - Vendor Advisory

Information

Published : 2022-12-26 21:15

Updated : 2025-04-14 18:15

NVD link : CVE-2019-18177

Mitre link : CVE-2019-18177

CVE.ORG link : CVE-2019-18177

JSON object : View

Products Affected

citrix

gateway
application_delivery_controller_firmware
application_delivery_controller

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2019-18177", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-12-26T21:15:10.380", "references": [{"url": "https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update."}, {"lang": "es", "value": "En ciertos productos Citrix, un usuario de VPN autenticado puede lograr la divulgaci\u00f3n de informaci\u00f3n cuando hay un endpoint de VPN SSL configurado. Esto afecta a Citrix ADC y Citrix Gateway 13.0-58.30 y versiones posteriores antes de la actualizaci\u00f3n CTX276688."}], "lastModified": "2025-04-14T18:15:18.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB78C7DE-C985-44CC-9917-7B7B40104D50", "versionEndExcluding": "13.0-58.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DF4ABEE-D1F0-408C-A80D-C204D0C164EF", "versionEndExcluding": "13.0-58.30"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.5 /10